Don’t Take the Phisherman’s Bait

By
Erin Monaghan

We all know the rules when it comes to protecting ourselves from danger. Don’t accept packages from strangers, don’t send in for free offers and don’t give personal information to any “Joe” asking for it. The same rules of engagement apply to the Internet and especially email.

Opening attachments from addresses you are not familiar with is like accepting a package from a stranger: it could contain a harmful computer virus. Replying to spam is like sending in for free offers; it’s just an invitation to junk mail providers to send you more junk mail. These “rules” have become common sense among the millions of users in the email community. However, the more protective users become of their mail, the more savvy the bad guys become.

The newest trick up email con artists’ sleeves is phishing. Phishers will email or instant message you asking for personal information like passwords or billing information, and providing this information is like handing your wallet to a stranger.

According to I.T. Vibe, 58 percent of people receive at least one phishing email every day. I know what you are all thinking: “I would never give my personal information to a stranger just asking for it. Heck, I don’t even like to say my phone number out loud at the video rental store!” Truth is, millions of people every year fall victim to phishing scams. In 2004, CNET reported that Americans lost 500 million dollars to phishing.

Phishing first appeared on the Internet about 10 years ago on AOL—at the time AOL was the country’s largest ISP. Phishers would email or IM unsuspecting users claiming to be employees that needed to verify account information like passwords and credit card numbers. The epidemic became so bad that to this day AOL includes a disclaimer on all their instant messenger and email services that “AOL will never ask you to send us your password or credit card number in an email.”

Gradually phishers became more sophisticated. Two prominent phishing methods have emerged in the last 10 years. They are the “Trusted Company Account Verification Scam” and the “Million Dollar Money Scam.”

With the “Trusted Company Account Verification Scam,” phishing emails look and feel like major trusted corporations such as banks or the IRS and reputable web services like eBay, PayPal or Amazon. Phishers use the same methods like asking for account justification or lost billing information, but they look and feel like legitimate services you use on a regular basis. The email may even assure you that this is not part of the company’s regular practices and regrets troubling you. They will then ask you to reply to the email or fill out a form including personal information like your full name, phone number, SSN, credit card number, password, mother’s maiden name or more. Once they have all your identifiable information, their imagination is the limit. There are hundreds of reports of credit fraud and emptied bank accounts.

Some phishers go as far as establishing a phony web site for suspicious victims to check out. Often these sites are so convincing that even skeptics voluntarily provide their personal information.

Upper middle class people are particularly vulnerable. Phishers see these people as bigger targets and worth more of their time. Upper middle class citizens are likely to manage their own money and have Internet access.

The “Million Dollar Money Scam” is relatively new to the phishing scene. This is sometimes known as the “Nigerian Money Scam” or the “Lottery Scam.” These are emails addressed to you, usually from an alleged attorney or bank official from a foreign country. They will explain that there are millions of dollars of unclaimed money, usually left by a deceased millionaire, that they are willing to share with you, but they need you to send a few hundred or thousand dollars as earnest cash and your bank account number in which to launder the money. In some cases, through correspondence with the con artist, people have traveled to the foreign country and have been robbed.

The “Lottery Scam” claims you or someone you know has won a foreign lottery. You are instructed to contact the company to claim your prize. Often they will require identity verification by requiring copies of your driver’s license, passport and social security card. Sometimes they will try to make you buy several products in order to qualify for your “grand prize.”

These are just a few examples of common phishing scams. There are many different ways con artists will try to dupe you. Often your identity is more important to them than your money.

Now, phishers send out thousands of fraudulent emails and hope one person takes the bait. Future phishing attacks are suspected to become more specific and targeted. Additionally, they will move from one-man attacks to groups of people conducting complex bogus banking operations.